Latest Cybersecurity News and Articles
11 September 2025
Cybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring and Management (RMM) software, to deliver a fleshless loader that drops a remote access trojan (RAT) called AsyncRAT to steal sensitive data from compromised hosts.
"The attacker used ScreenConnect to gain remote access, then executed a layered VBScript and
10 September 2025
18 popular packages with a total of 2 billion weekly downloads were targeted in an attack.
10 September 2025
An advanced persistent threat (APT) group from China has been attributed to the compromise of a Philippines-based military company using a previously undocumented fileless malware framework called EggStreme.
"This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads," Bitdefender
10 September 2025
After announcing that the cyberattack-caused disruption to factories would continue, Jaguar Land Rover is now confirming a data breach.
The post Jaguar Land Rover Admits Data Breach Caused by Recent Cyberattack appeared first on SecurityWeek.
10 September 2025
Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems.
According to an analysis from Jamf Threat Labs, ChillyHell is written in C++ and is developed for Intel architectures.
CHILLYHELL is the name assigned to a malware
10 September 2025
Geordie has developed a platform that gives enterprises deep visibility into AI agents and what they are doing.
The post Geordie Emerges From Stealth With $6.5M for AI Agent Security Platform appeared first on SecurityWeek.
10 September 2025
The investment will accelerate product innovation and will fuel the security company’s expansion in the US.
The post Red Access Raises $17 Million for Agentless Security Platform appeared first on SecurityWeek.
10 September 2025
Apple’s new Memory Integrity Enforcement (MIE) brings always-on memory-safety protection covering key attack surfaces — including the kernel and over 70 userland processes.
The post Apple Unveils iPhone Memory Protections to Combat Sophisticated Attacks appeared first on SecurityWeek.
10 September 2025
Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release.
Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day. Like last month, 38 of the disclosed flaws are related to
10 September 2025
Tel Aviv–based startup replaces vaults and secrets managers with just-in-time policies, aiming to eliminate credentials entirely.
The post Hush Security Emerges Stealth to Eliminate Credential Threats With No-Secrets Platform appeared first on SecurityWeek.
10 September 2025
Apple on Tuesday revealed a new security feature called Memory Integrity Enforcement (MIE) that's built into its newly introduced iPhone models, including iPhone 17 and iPhone Air.
MIE, per the tech giant, offers "always-on memory safety protection" across critical attack surfaces such as the kernel and over 70 userland processes without sacrificing device performance by designing its A19 and
10 September 2025
The House Select Committee on China has formally issued an advisory warning of an "ongoing" series of highly targeted cyber espionage campaigns linked to the People's Republic of China (PRC) amid contentious U.S.–China trade talks.
"These campaigns seek to compromise organizations and individuals involved in U.S.-China trade policy and diplomacy, including U.S. government agencies, U.S. business
10 September 2025
High-severity vulnerabilities could lead to remote code execution, privilege escalation, information disclosure, and configuration tampering.
The post Fortinet, Ivanti, Nvidia Release Security Updates appeared first on SecurityWeek.
10 September 2025
Introduction
Managed service providers (MSPs) and managed security service providers (MSSPs) are under increasing pressure to deliver strong cybersecurity outcomes in a landscape marked by rising threats and evolving compliance requirements. At the same time, clients want better protection without managing cybersecurity themselves. Service providers must balance these growing demands with the
10 September 2025
Volodymyr Tymoshchuk allegedly hit hundreds of organizations with the LockerGoga, MegaCortex, and Nefilim ransomware families.
The post US Offers $10 Million Reward for Ukrainian Ransomware Operator appeared first on SecurityWeek.
10 September 2025
Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments.
The post Highly Popular NPM Packages Poisoned in New Supply Chain Attack appeared first on SecurityWeek.
10 September 2025
Phishing-as-a-Service (PhaaS) platforms keep evolving, giving attackers faster and cheaper ways to break into corporate accounts. Now, researchers at ANY.RUN has uncovered a new entrant: Salty2FA, a phishing kit designed to bypass multiple two-factor authentication methods and slip past traditional defenses.
Already spotted in campaigns across the US and EU, Salty2FA puts enterprises at
10 September 2025
Advisories have also been published by Siemens, Schneider Electric, Phoenix Contact and CISA.
The post ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories appeared first on SecurityWeek.
10 September 2025
A Georgia hospital experienced a data breach on May 30, 2024, but notified affected consumers on August 27, 2025.
09 September 2025
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts.
The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper input validation flaw. Adobe said it's not aware of